[
https://issues.apache.org/jira/browse/NIFI-8218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-8218:
---------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> SAML message intended destination endpoint {} did not match receipient {}
> -------------------------------------------------------------------------
>
> Key: NIFI-8218
> URL: https://issues.apache.org/jira/browse/NIFI-8218
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Major
> Fix For: 1.13.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When behind a proxy, NiFi will respect the X-ProxyHost header and use that
> value to construct the URLs in the SAML request, so that the SAML response
> will be sent back through the proxy.
> When processing the SAML response, there is OpenSAML code that compares the
> "Destination" value in the SAML response which will have the proxy host,
> against the host on the HttpServletRequest which comes from the Host header.
> So if the Host header is different from X-ProxyHost, which it could be, then
> this comparison fails.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
